Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT

MS Office for the iPad is here

  • 0
admin
Monday, 31 March 2014 / Published in Woo on Tech
Microsoft Logo

It feels strange to be writing about Microsoft and not mentioning a security loophole or zero-day exploit, but it is the day before April Fool’s after all. Fortunately for the iPad faithful, this isn’t a prank. On March 27, Microsoft launched iPad versions of it’s most used office productivity applications: Word, Excel and PowerPoint, all of them available for free download through the App store. “What’s the catch,” I hear you say? You can use them free, forever, to view documents, but if you want to create or edit documents, you need to have a subscription to Office365.com, the minimum of which is $70/year.

What this means for you:

The lack of any official MS Office software may have been one of the remaining tenuous barriers holding the iPad back from a complete domination of corporate boardrooms. Long a favorite of executives but usually relegated to email-only roles because of this lack, Office for the iPad may allow the C-suite to completely cut the cord on any vestigial Windows laptops they have been “forced” to carry around to do anything other than reading emails. I also know a lot of road warriors who may view the new apps with a mix of joy and trepidation, as it will conceivably allow for more effective work-related use of their iPad on those cramped, coach-fare flights. The excuse of “not being able to edit that Word document during the flight because all I have is my iPad” just won’t cut it anymore.

In all seriousness, this also marks a significant change in vision for Microsoft, a company that up until the new CEO’s arrival, had been a company that always put “Windows first”, even when it may have meant losing marketshare, as it has for so long in the iPad space. It’s still too early to tell whether this change in corporate values will lead to other transformations and products for other platforms (Office for Android anyone?), but this is certainly a step in new direction for the company.

app storeAppleexcelipadmicrosoftofficeoffice365powerpointwindowsword

Your email is not private

  • 0
admin
Wednesday, 26 March 2014 / Published in Woo on Tech
ID-10067190.jpg

Unless you’ve been living under a rock for the past year, most will leap to the conclusion that I’m writing about the ongoing government snooping that seems to permeate the internet these days. Unfortunately, another of the tech industry’s dirty little secrets is being dragged out into the light of day, and it’s something you’ve probably known all along but didn’t want to acknowledge: Your email is not private. Microsoft recently underlined and highlighted this fact by releasing details on an investigation into an ex-employee’s attempt to sell confidential information. The individual in question was identify primarily through the contents of his Hotmail account, which Microsoft openly admits to reading. While this may seem to be a blatant and gross invasion of privacy (it is), it’s also well within Microsoft’s rights as outlined in the Terms of Service every single customer agrees to when creating and using the free webmail account.

What this means for you:

Before you think this is a Microsoft bashing party, Google and Yahoo have the same sort of Terms of Service, as does just about any other email provider out there. They can read your email any time they want to, and they don’t have to get a search warrant like law enforcement supposedly has to do. They own the equipment, software and data services that deliver your email, and they assert openly in the Terms of Service in one way or another that your email is not yours to keep private. You might also want to review your employer’s information security policy: it’s highly likely that they advise you that any email transmitted through their servers is company property, and is subject to review at any time. This is not something new – policies like this have been around since email first started being used in large organizations that could afford lawyers.

The only way to keep email truly private is to use end-to-end encryption, a process that most people find daunting to establish, and inconvenient to use. Until there is a radical change in how we communicate on the internet, the only way to truly keep things away from prying eyes is to not put them on the internet in the first place.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

emailGooglemicrosoftpolicyprivacyterms of servicewebmailyahoo

MS Word zero-day exploit in the wild

  • 0
admin
Tuesday, 25 March 2014 / Published in Woo on Tech
Microsoft Zero Day Warning

Microsoft has released a security advisory that warns of a new zero-day weakness that is currently being exploited on the internet. Depending on how you interpret their choice of wording – “targeted attacks” – the scale seems to be relatively limited for the moment, but given that the compromised app is Microsoft Word and is not limited to a specific version, the potential attack surface is huge. And it gets better: the delivery mechanism is a hacked RTF file that once opened can lead to the targeted machine being completely compromised. While RTF files aren’t as widely used as the default “.doc” and “.docx” formats, they are used to export and import documents from Word to other word processing platforms like Wordperfect, LibreOffice, OpenOffice and Apple Pages.

What this means for you:

Microsoft has issued a temporary fix which merely disables the ability for Word to open RTF files, but as of the moment there is no ETA on a patch delivered by Windows Update. We recommend applying this Fix-it if you are at all unsure what an RTF file is, or how to tell the difference from other Word and Email formats.

The most vulnerable user to this exploit is actually someone who uses Word to view formatted emails delivered via Outlook. Normally, Outlook is not set to view emails using Word by default, so if you didn’t set Outlook to do this, you only have to worry about Word. If you did, disable this feature and use Outlook’s built-in email viewer to read formatted emails. For Word users, don’t open RTF files, even if they come from a trusted source, and don’t send any RTF files, as your recipients may be exercising the same level of caution. If you have to exchange data using RTF, make sure you communicate thoroughly with your recipients, and choose another platform other than email to exchange files, primarily so there is no chance they could mistake a trojaned RTF for a legitimate file. 

exploitmicrosoftoutlookrtfsecuritytrojanwordzero day

Grad students build Google Glass spy app

  • 0
admin
Wednesday, 19 March 2014 / Published in Woo on Tech
Spy Glass

From the moment it was announced, Google Glass has been a favorite target in the growing privacy debate in our always-online and increasingly less-private society. Initially, privacy advocates were worried that Glass wearers could record others without their permission or even awareness. Now, we have to worry about the possibility that the device itself could fall victim to remote access malware, like we recently wrote about here and here. Grad students from Calforina Polytechnic have created a trojan application that purports to be a note-taking application, but instead takes photos without the wearer’s knowledge, recording images every 10 seconds while the device appears to be off, and uploading the photos via Glass’s built-in data connection to a specified destination conceivably anywhere on the internet.

What this means for you:

Before you go running for the pitchforks and torches, the app was created as a proof-of-concept to demonstrate a key weakness in Google Glass’s current operating system. This app’s ability to take pictures while the device reports itself as “off” is a violation of Google’s Terms of Use for the device, but that TOU is completely toothless as the OS in its current state can’t enforce that restriction. Worse still, the app itself actually made it through Google Play’s screening process and was available for a short while on the official app store. It might still be there if not for the students’ professor tweeting about it, and Google consequently pulling it for TOU violations. Google’s position was that this was a desired outcome, and the reason that Glass is still in limited to release to developers and their early-adopter aka beta tester program called Glass Explorers.

I’m fairly certain the students in question weren’t the first to dream up this concept, and you can bet that hackers with much more nefarious intent are impatiently waiting for the inevitable arrival and wide-spread use of wearable technology. The current, laser-hot focus of the privacy debate may be on the NSA and Ed Snowden’s disturbing revelations for the moment, but it seems the government isn’t the only one spying on us. In the words of the sage Walt Kelly (of Pogo comic strip fame), “We have met the enemy, and they are us.“

google glasshackprivacysecurityspywaretrojan

Don’t get suckered by fake breaking news

  • 0
admin
Tuesday, 18 March 2014 / Published in Woo on Tech
Time for caution!

It’s an unfortunate but not unexpected state of affairs that hackers continue to take advantage of our voracious appetite for news. As has been happening with hot news stories for at least a year or more, malware links are cropping up to exploit the media frenzy surrounding missing Malaysian Flight MH370. Taking advantage of the viral nature of sharing prevalent on Facebook and Twitter, fake links promise “shocking video” revealing the fate of the missing flight. Clicking them takes you to a counterfeit survey designed to look like the Facebook surveys many app-makers use to gather info on users before granting access to their app or content. Instead of course, you are giving your info to hackers on a fake website which will undoubtedly be used to annoying, or worse, nefarious ends.

What this means for you:

If I’ve said it once, I’ve said it 1000 times: don’t click links in Twitter, Facebook or email, doubly so if the source isn’t someone you trust or recognize, and you can’t clearly see the destination URL. Most links shared on Twitter use a URL shortener which obscures the final destination, a technology designed originally to compress long URLs into tiny ones and now used as a trick by spammers and hackers to lure you to a fake website. All it takes is a simple page load (no typing or filling in forms required) for an out-of-date browser or OS to be compromised, and once they have a toe in the door, it’s all down hill from there.

From this point forward, you should expect hackers will exploit hot news items to take advantage of our natural curiousity. If part of your online brand-building, either professionally or personally, includes re-sharing or retweeting internet links, be careful you don’t inadvertently share a fake news item to your friends and followers.

Image courtesy of Stuart Miles / FreeDigitalPhotos.net

facebookfakemalaysian airlinesmalwareMH370securityTwitter

Startup Poised to Disrupt Cellular Networks

  • 0
admin
Wednesday, 12 March 2014 / Published in Woo on Tech
Cell Tower

If telecommunications startup Artemis has anything to say about it, bulky and costly cell towers like the one pictured here will be a thing of the past. Instead, they are hoping the nation’s cellular providers will buy into their new technology platform, dubbed “pCell” that they believe will revolutionize both network coverage and data speeds. Artemis engineers have designed a small (about the size of a home office router) device that they believe can be cheaply and easily deployed throughout any geography to provide a much more thorough coverage area and up to 1000 times the speed of 4G networks, a technology that carriers are still struggling to deliver to most parts of the country.

What this means for you:

The cell towers in use by cell carriers today are designed to provide large “cells” of service that are shared by all mobile users within the umbrella of coverage provided by the tower. The vagaries and frustrations known to all cell phone users are physically caused by our movement in, out and away from those cells, and how heavily each cell is being used at the time. Conversely, pCells are designed to provide coverage in a form of mesh network, and can use overlapping signals from nearby pCells to amplify the service delivered to each cell phone. On top of this mesh approach is an underlying shift in the network technology: with this new platform, each cell phone is granted its own “cell” of data services rather than having to share one large cell provided by a central tower. According to Artemis, this will result in much greater efficiencies in data transmissions, improving voice and video quality and speeding up our uploads and downloads.

Artemis is preparing to launch the technology in the fourth quarter of this year. If the technology lives up to the hype, it could finally help deliver on the promise that smartphones first offered to us years ago, but stumbled on delivering mainly because of slow network speeds and spotty mobile network coverage. We can only hope that the carriers see that by providing faster speeds and better coverage they are investing wisely in their own sustainability, and we can move one step closer to a ubiquitous and instantaneous data network literally at our fingertips.

Image courtesy of franky242 / FreeDigitalPhotos.net

4gantennaesartemiscarrierscell phonescell towercoveragepcell

Remote Access Trojan App Shows up on Google Store

  • 0
admin
Tuesday, 11 March 2014 / Published in Woo on Tech
Spy Phone!

About a year ago, I shared an article from Ars Technica detailing a chilling and degrading hacker activity called “ratting” wherein your computer could be hacked into covertly spying on you. This disturbing trend now appears to be spreading to Android smart phones; for a short while before it was detected and removed, a seemingly legitimate app was available on the Google Play store that was purportedly for parents to keep an eye on what their children were doing on their smart phones. Unfortunately for the 50 or so people who actually downloaded the program, the real purpose of the app was to install a remote access trojan platform on the device which would enable someone to illicitly use the phones cameras and mics to spy on the user, as well as control other aspects of the phone like sending texts, making calls and sending emails.

What this means for you:

The app was built on a software development platform that is being marketed specifically to hackers, and one of the key selling points is this kit’s ability to build apps that can “hide” from Google’s security scans that usually prevent malware from being uploaded to the Play store. Translation: you can expect more apps like the one mentioned above to appear on the Google Play store. Where before you could, with maybe 99% effectiveness, depend on Google to protect you from harmful apps, you can no longer take for granted that if an app appears on the Google Play store that it is 100% legitimate. To protect yourself as an Android user, you should:

  • Make sure to have a reputable Anti-malware app installed (I like Webroot’s Security & Antivirus).
  • Read carefully the access permissions each app is asking for before installing.
  • Pay attention to user reviews and install count. If the app only has a small number of reviews and installs, give it a few days and check back to see the app survives internet scrutiny.

Fortunately, Google has a means to automatically reach out to any Android phone and purge apps that it has found to be harmful, but it’s much safer and less stressful to avoid being victimized in the first place.

Androidappgoogle playHackingprivacyrattingsecuritytrojanwarning

Thousands of SOHO Routers Hacked Globally

  • 0
admin
Monday, 03 March 2014 / Published in Woo on Tech
Hacked

Illinois-based security firm Team Cymru has released research findings that point to a wide-spread compromise of consumer-grade routers that are commonly installed in homes and small offices all over the world. As many as 300K of these devices from a variety of manufacturers have been hacked to redirect network traffic to counterfeit banking sites and possibly other malware-laden destinations. Though the hacked devices have been found all over the world, the highest concentration seems to be in Southeast Asia and Europe, with Vietnam, Italy, India and Thailand being hit the hardest.

What this means for you:

Hacked routers are not as easy to detect as a malware infection on a computer, primarily because most people never touch their home or small office routers except to install them or to reset them when their internet doesn’t work. In most cases, they might not even know how to access the router, and have long-forgotten the password used to configure and secure the device originally, if that install wasn’t completely handled by their internet service provider. In the hack mentioned above, all the affected devices shared a common trait of having their DNS altered to point to 2 specific IP addresses(5.45.75.11 and 5.45.76.36), allowing the hackers to effectively control where the compromised router sends any and all network traffic routing through that device.

Team Cymru recommends several ways to harden SOHO-class routers against the hacks used in the attacks mentioned above, but the methods require a familiarity with configuring network devices that is not usually found where these devices are installed. In order to make sure your router is secure, you’ll need to know the following:

  1. Who owns the router (you or the ISP)?
  2. If it’s owned by the ISP, are they managing it for you?
  3. If you own it, do you know the login and password for the device?
  4. Is your connection DHCP or static IP? (Most are the former as statics are an addtional charge)
  5. If it’s static, make sure you have the IP information documented.
  6. If you have access to the configuration of the router, is remote management enabled? If so, does it need to be?
  7. Has your router been updated to the latest firmware? If managed by someone else, will they handle the update?

Not sure how to go about filling in these blanks? Reach out to someone you trust (maybe C2?) with some basic networking and router configuration expertise and have them look at your SOHO router. Your router is a critical device in your home and office network and if it were hacked, every device (and person) connected to it could be severely compromised.

DNShacknetworkremote managementroutersecurity

360M Account Credentials for Sale on Black Market

  • 0
admin
Saturday, 01 March 2014 / Published in Woo on Tech
Warning Sign

Security firm Hold Security LLC is reporting that a cache of 360 million account credentials are up for sale on the black market. Of the 360 million identities, 105 million of them may be from a single data breach, the size of which rivals Adobe’s breach (153 million) from October 2013. Also on sale are 1.25 billion email addresses, a veritable treasure trove for spammers. In this particular case, the account credentials up for sale seem to be mostly comprised of account logins and unencrypted passwords, an important distinction as any buyer can immediately start using the data versus spending time unencrypting passwords.

What this means for you:

Given the sheer volume of account credentials compromised it’s highly likely one or more accounts you use is somewhere on that list, as well as the passwords associated with those accounts. According to Hold Security, they believe the organizations from whom this data was stolen are still unaware of the breach, so it’s even more likely you will be the last to know if you have been compromised. Rather than waiting around, I recommend changing your passwords on all your important online accounts to much stronger, randomized ones, such as can be created and managed by programs like internet-based LastPass or Passpack (my personal choice), or if you prefer to keep your passwords closer to home, desktop programs like Roboform or 1Password.

Image courtesy of Creativedoxfoto / FreeDigitalPhotos.net

account credentialsdata breachpasswordssecurity

Prototype Wi-Fi Virus Spreads Like Biological Virus

  • 0
admin
Wednesday, 26 February 2014 / Published in Woo on Tech
Biohazard

It’s a common practice in the technology industry to describe computer viruses and the way they behave using the same terms and concepts as the medical industry, primarily because the reality of how digital viruses work is rather boring and technical. Up until now.

In the “surprising no one” category of research findings, scientist in the UK have built a prototype computer virus called “Chameleon” that spreads via Wi-fi access points, and upon testing it discovered that it exhibited similar characteristics to airborne pathogens, ie. it spread more quickly in densely populated environments. The virus was also designed to keep its actions from interfering with normal device operations and to bypass well-protected devices for easy-to-infect models with weaker security, much in the same way biological viruses operate. It’s not clear whether the virus was designed to behave this way because the scientists knew how effective biological viruses worked and incorporated that into the design, or whether these traits manifested spontaneously from a “traditionally” designed computer virus.

What this means for you:

Don’t panic yet. The “Chameleon” virus was designed and tested in a lab by trained professionals, and never actually unleashed into “the wild”. Oh wait, did that sound like the premise of just about every virus outbreak movie in the history of Hollywood? Seriously, wi-fi viruses have not yet been found in the wild (but they are really close – see last week’s warning about Linksys routers), but you can bet that black-hat forces are hard at work trying to figure out how to attack wi-fi access points, and the first ones to be targeted will be devices used in heavily trafficked venues like airports, restaurants, coffee-shops and malls. Unless you happened to be in the business of designing wi-fi devices, there’s really not much you can do at this point beyond the usual mantra: keep your software and anti-malware up to date, avoid accessing sensitive data on public wi-fi access points, and use strong passwords. Stay vigilant!

airbornecontagiousscientistssecurityviruswi-fi
  • 48
  • 49
  • 50
  • 51
  • 52

Recent Posts

  • code in a laptop screen

    Software Updates: When to Install, When to Wait, When to Worry

    On July 19, 2024, CrowdStrike pushed a routine ...
  • half open laptop

    Technology Transparency: Why We Don’t Hide Our Markups

    Go look up Microsoft 365 Business Basic on Micr...
  • mid year check-in

    Mid-Year IT Health Check: 10 Things Professional Services Firms Should Review Now

    Most firms set their technology priorities in J...
  • Cloud Migration for Professional Services: When It Makes Sense

    Cloud Migration for Professional Services: When It Makes Sense (And When It Doesn’t)

    Every vendor in the technology industry will te...
  • mid age man working on laptop while floating in the sea summer vacation

    Summer Vacation Security Checklist for Professional Services Firms

    Summer is the one time of year when professiona...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP